
ted States Patent and Trademark Office 



UNITED STATES DEPARTMENT OF COMMERCE 
United States Patent and Trademark Office 
Address: COMMISSIONER FOR PATENTS 
P.O. Box 1450 

Alexandria, Virginia 223 1 3- 1 450 
www.usplo.gov 



r ION NO. 



FILING DATE 



FIRST NAMED INVENTOR 



ATTORNEY DOCKET NO. 



CONFIRMATION NO. 



004 08/17/2001 

7590 03/18/2005 

Finnegan, Henderson, Farabow, 
Garrett & Dunner, L.L.P. 
1300 I Street, N.W. 
Washington, DC 20005-3315 



Nang Kon Kwan 



06502.0336 



2756 



EXAMINER 



CHAI, LONG BIT 



ART UNIT 



PAPER NUMBER 



2131 

DATE MAILED: 03/18/2005 



Please find below and/or attached an Office communication concerning this application or proceeding. 



PTO-90C (Rev. 10/03) 





Application No. 

09/931,004 


Applicant(s) 

KWAN, NANG KON 


Examiner 

Longbit Chai 


Art Unit 

2131 





The MAILING DATE of this communication appears on the cover sheet with the correspondence address « 
Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
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earned patent term adjustment. See 37 CFR 1.704(b). 
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2a)D This action is FINAL. 2b)^ This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 1 1 , 453 O.G. 213. 
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4) D Claim(s) is/are pending in the applicatio'n. 
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5) D Claim(s) is/are allowed. 

6) ^ Claim(s) 1-33 is/are rejected. 
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8) D Claim(s) are subject to restriction and/or election requirement. 
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DETAILED ACTION 



Priority 

1 . No claim for priority has been made in this application. 

The effective filing date for the subject matter defined in the pending claims in 
this application is 8/1 7/2001 . 



Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

A person shall be entitled to a patent unless - 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
' manner in which the invention was made. 

2. Claims 1 - 33 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Bisbee (Patent Number: 6367013), in view of CFSB ("How Key Escrow Might Work", by 
Computer Fraud & Security Bulletin, July 1, 1996). 

As per claim 1 , 15, 19 and 33, Bisbee teaches method in a data processing 
system for requesting a digital certificate from a certificate authority and archiving an 
encryption key outside of the certificate authority, comprising: 



Application/Control Number: 09/931 ,004 Page 3 

Art Unit: 2131 

receiving a request from a user for a digital certificate (Bisbee: see for example, 
Column 1 1 Line 64 - 66 and Column 12 Line 28 - 30: RA (Registration Manager) as 
taught by Bisbee is responsible to request a digital certificate between the subscriber 
and CA (Certificate Authority)). 

Bisbee teaches TCU (Trusted Custodial Utility) is a trusted 3 rd -party repository of 
information objects and securely stores and securely retrieves digitally signed, 
authenticated and encrypted information objects and provides for backup and disaster 
recovery (Bisbee: see for example, Column 3 Line 38 - 39, Column 3 Line 55 - 57 and 
Column 3 Line 62 - 63). 

Bisbee does not disclose expressly receiving an indication of proof of archival of 
the user's encryption key associated with the request. 

CFSB teaches receiving an indication of proof of archival of the user's encryption 
key associated with the request (CFSB: see for example, 1 st Paragraph: CFSB teaches 
with an escrowed infrastructure, a user's private encryption key would be archived with 
a trusted key holder prior to issuance of he corresponding public key certificate; and for 
the case of 3 rd -party trusted key holder, the CA needs proof of that key has been 
escrowed (i.e. archived), say, through the escrow certificate digitally signed by the key 
holder). 

It would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to combine the teaching of CFSB within the system of Bisbee 
because CFSB teaches providing benefits to owners for archiving key especially for the 
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situation even after acquiring the new key pair, data retransmission is not possible (e.g. 
voice mailbox messages) (CFSB: see for example, page 2, 5 th Paragraph). 

Accordingly, Bisbee in view of CFSB teaches receiving an indication of proof of 
archival of the user's encryption key associated with the request, wherein the user's 
encryption key is archived under control of an entity other than the certificate authority. 

As per claim 18, Bisbee teaches a data processing system for requesting a 
digital certificate from a certificate authority and archiving an encryption key under 
control of an entity other than the certificate authority, comprising: 

a registration manager configured to receive a digital certificate request including 
a user's encryption key (Bisbee: see for example, Column 1 1 Line 52 - 66: the public 
key is used as the basis for a certificate request, where the basis is uniquely associated 
with a key-pair assigned to a reference handle (or name)). 

Bisbee does not disclose expressly sending the user's encryption key, and in 
response receive an indication of proof of archival. 

CFSB teaches receiving an indication of proof of archival of the user's encryption 
key associated with the request (CFSB: see for example, 1 st Paragraph: CFSB teaches 
with an escrowed infrastructure, a user's private encryption key would be archived with 
a trusted key holder prior to issuance of he corresponding public key certificate; and for 
the case of 3 rd -party trusted key holder, the CA needs proof of that key has been 
escrowed (i.e. archived), say, through the escrow certificate digitally signed by the key 
holder). 
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It would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to combine the teaching of CFSB within the system of Bisbee 
because CFSB teaches providing benefits to owners for archiving key especially for the 
situation even after acquiring the new key pair, data retransmission is not possible (e.g. 
voice mailbox messages) (CFSB: see for example, page 2, 5 th Paragraph). 

Accordingly, Bisbee in view of CFSB teaches a registration manager configured 
to receive a digital certificate request including a user's encryption key, send the user's 
encryption key, and in response receive an indication of proof of archival. 

a certificate authority configured to issue a digital certificate when it is determined 
that an indication proof of archival was received (CFSB: see for example, 1 st 
Paragraph). 

Furthermore, Bisbee teaches TCU (Trusted Custodial Utility) is a trusted 3 rd -party 
repository of information objects and securely stores and securely retrieves digitally 
signed, authenticated and encrypted information objects and access to the data 
repository (i.e. database) that provides for backup and disaster recovery (Bisbee: see 
for example, Column 3 Line 38 - 39, Column 3 Line 50 - 55, Column 3 Line 55 - 57 
and Column 3 Line 62 - 63). 

Accordingly, Bisbee in view of CFSB teaches a data recovery manager (i.e. 
equivalent toTCU as taught by Bisbee) configured to receive the user's encryption key, 
send the user's encryption key to a database controlled by an entity other than the 
certificate authority for archiving, create an indication of proof archival and send the 
indication of proof of archival. 
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a database, under control of an entity other than the certificate authority, 
configured to receive and archive the user's encryption key (Bisbee: see for example, 
Column 3 Line 50 - 52: the data repository is qualified as the database). 

As per claim 2 and 20, Bisbee in view of CFSB teaches the claimed invention as 
described above (see claim 1 and 19 respectively). CFSB further teaches the step of 
sending a digital certificate associated with the user in response to the received request 
and indication of proof of archival (CFSB: see for example, 1 st Paragraph). 

As per claim 3 and 21 , Bisbee in view of CFSB teaches the claimed invention as 
described above (see claim 1 and 19 respectively). Bisbee further teaches receiving 
the user's encryption key (Bisbee: see for example, Column 1 1 Line 52 - 66: the public 
key is used as the basis for a certificate request, where the basis is uniquely associated 
with a key-pair assigned to a reference handle (or name)). 

As per claim 4 and 22, Bisbee in view of CFSB teaches the claimed invention as 
described above (see claim 3 and 21 respectively). Bisbee further teaches the 
encryption key is encrypted during transmission, and wherein the method further 
comprises the step of decrypting the encrypted encryption key (Bisbee: see for 
example, Column 1 1 Line 64 - 66 and Column 1 1 Line 52 - 60: (a) certificate request is 
signed by RA and thereby is encrypted (b) the public key is used as the basis for a 
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certificate request, where the basis is uniquely associated with a key-pair assigned to a 
reference handle (or name)). 

As per claim 5 and 23, Bisbee in view of CFSB teaches the claimed invention as 
described above (see claim 3 and 21 respectively). CFSB further teaches the 
encryption key is the user's private key (CFSB: see for example, Page 1, 1 st Paragraph, 
Line 1 -4). 

As per claim 6 and 24, Bisbee in view of CFSB teaches the claimed invention as 
described above (see claim 4 and 22 respectively). Bisbee further teaches a data 
recovery manager that receives and manages archiving of the encryption key, and 
wherein the encryption key is encrypted during transmission using the data recovery 
manager's public transport key (Bisbee: see for example, Column 13 Line 19 - 25). 

As per claim 7, 1 1 , 13, 25, 29 and 31 , Bisbee in view of CFSB teaches the 
claimed invention as described above (see claim 1, 10, 12, 19, 28 and 30 respectively). 
CFSB teaches the indication of proof of archival is digitally signed, and wherein the 
method further comprises the step of verifying a digital signature on the indication of 
proof of archival Page 1 , 1 st Paragraph, Line 6 - 7). 

As per claim 8 and 26, Bisbee in view of CFSB teaches the claimed invention as 
described above (see claim 7 and 25 respectively). Bisbee teaches the indication of 
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proof of archival is digitally signed by the data recovery manager (Bisbee: see for 
example, Column 13 Line 19 - 25). 

As per claim 9, 14, 27 and 32, Bisbee in view of CFSB teaches the claimed 
invention as described above (see claim 1 , 13, 19 and 31 respectively). Bisbee in view 
of CFSB teaches the user's encryption key is archived under control of the user (Bisbee: 
see for example, Column 1 1 Line 52 - 66: the public key is used as the basis for a 
certificate request, where the basis is uniquely associated with a key-pair (generated by 
the user's smart card) assigned to a reference handle (or name)). 

As per claim 10, 16 and 28, Bisbee teaches a method in a data processing 
system for requesting a digital certificate from a certificate authority and archiving an 
encryption key outside of the certificate authority, comprising: 

sending a request for a digital certificate (Bisbee: see for example, Column 1 1 
Line 64 - 66 and Column 12 Line 28 - 30: RA (Registration Manager) as taught by 
Bisbee is responsible to request a digital certificate between the subscriber and CA 
(Certificate Authority)). 

Bisbee teaches TCU (Trusted Custodial Utility) is a trusted 3 rd -party repository of 
information objects and securely stores and securely retrieves digitally signed, 
authenticated and encrypted information objects and provides for backup and disaster 
recovery (Bisbee: see for example, Column 3 Line 38 - 39, Column 3 Line 55 - 57 and 
Column 3 Line 62 - 63). 
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Bisbee does not disclose expressly the request having an indication of proof of 
archival of an encryption key for the user. 

CFSB teaches receiving an indication of proof of archival of the user's encryption 
key associated with the request (CFSB: see for example, 1 st Paragraph: CFSB teaches 
with an escrowed infrastructure, a user's private encryption key would be archived with 
a trusted key holder prior to issuance of he corresponding public key certificate; and for 
the case of 3 rd -party trusted key holder, the CA needs proof of that key has been 
escrowed (i.e. archived), say, through the escrow certificate digitally signed by the key 
holder). 

It would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to combine the teaching of CFSB within the system of Bisbee 
because CFSB teaches providing benefits to owners for archiving key especially for the 
situation even after acquiring the new key pair, data retransmission is not possible (e.g. 
voice mailbox messages) (CFSB: see for example, page 2, 5 th Paragraph). 

receiving a digital certificate in response to the request (CFSB: see for example, 
page 1, 1 st Paragraph, Line 2). 

As per claim 12, 17 and 30, claims 12, 17 and 30 are similar to claim 1. 
Therefore, see rationale addressed above in rejecting claim 1. 
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Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Longbit Chai whose telephone number is 571-272-3788. 
The examiner can normally be reached on Monday-Friday 8:00am-4:00pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz R Sheikh can be reached on 571-272-3795. The fax phone number 
for the organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 
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